The Department of Homeland Security is running hundreds of sensitive and top secret databases without the proper authorization, leaving the agency unsure if it can “protect sensitive information” from cyber attacks.

An audit released publicly Thursday by the inspector general found multiple areas of weaknesses within the agency’s information security programs.

Specifically, the department is operating 136 “sensitive but unclassified,” “Secret,” and “Top Secret” systems with “expired authorities to operate.”

“As of June 2015, DHS had 17 systems classified as ‘Secret’ or ‘Top Secret’ operating without [authorities to operate] ATOs,” the inspector general said. “Without ATOs, DHS cannot ensure that its systems are properly secured to protect sensitive information stored and processed in them.”

Leading the agencies operating unsecured databases was the Coast Guard with 26, followed by the Federal Emergency Management Agency with 25, and Customs and Border Protection with 14.